DirectX is a collection of application programming interfaces used to handle multimedia-related tasks on Microsoft platforms, especially game and video. The Microsoft DirectShow application programming interface (API) is a media-streaming architecture for the Windows platform. Microsoft said DirectShow can be used to help applications perform high-quality video and audio playback or capture.

Microsoft typically assigns the critical rating to flaws that can be exploited by a malware attack without user action. The important rating usually goes to flaws whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data or of the integrity or availability of processing resources.

Microsoft warned customers earlier this week that the vulnerability is a variation of one patched in 1999, which attackers could exploit to access sensitive data and redirect users to Web sites rigged with malware. It is not considered as big a threat as more recent zero-day flaws, however. Tim Rains of the Microsoft Security Response Center communications team said in an email late Monday that the software giant is investigating new public reports of a vulnerability in how Windows resolves hostnames that do not include a fully-qualified domain name (FQDN). He said the specific technology affected is Windows' Web Proxy Auto-Discovery (WPAD) program.

As is the case each month, an update of Microsoft's Windows Malicious Software Removal Tool will accompany the release of the security patches. That update will be available via Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

This month promises to be a busier patching month than November, when Microsoft only released two security updates addressing flaws remote and local attackers could exploit to compromise targeted Windows machines, including all supported versions of Windows 2000, Windows XP and Windows Server 2003.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy